[Patch] BIO free bug in bio ssl.c/ssl free() implementation
Hi, I've noticed that BIO_NOCLOSE flag does not have the desired effect on ssl_bio, i.e. SSL connection is closed regardless of whether this flag is set, or not. This patch should fix the problem. --- openssl/ssl/bio_ssl.c 2002-01-12 16:56:10.0 +0100 +++ openssl.patched/ssl/bio_ssl.c 2003-02-07 15:22:09.0 +0100 @@ -125,7 +125,7 @@ if (a == NULL) return(0); bs=(BIO_SSL *)a-ptr; - if (bs-ssl != NULL) SSL_shutdown(bs-ssl); if (a-shutdown) { + if (bs-ssl != NULL) SSL_shutdown(bs-ssl); if (a-init (bs-ssl != NULL)) SSL_free(bs-ssl); __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[PATCH] Engine in OCSP
Hi, It seems, that the engine support in ocsp is missing. Below is a simple patch which adds that support: diff -Nu --recursive openssl-0.9.7/apps/ocsp.c openssl-0.9.7-new/apps/ocsp.c --- openssl-0.9.7/apps/ocsp.c Tue Dec 3 17:34:23 2002 +++ openssl-0.9.7-new/apps/ocsp.c Tue Feb 11 15:16:42 2003 @@ -105,7 +105,6 @@ int MAIN(int argc, char **argv) { - ENGINE *e = NULL; char **args; char *host = NULL, *port = NULL, *path = /; char *reqin = NULL, *respin = NULL; @@ -144,6 +143,10 @@ TXT_DB *rdb = NULL; int nmin = 0, ndays = -1; +ENGINE *e = NULL; +int rkeyform=FORMAT_PEM; +const char *engine = NULL; + if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) @@ -505,6 +508,24 @@ } else badarg = 1; } +else if(!strcmp(*args, -engine) ) + { +if (args[1]) + { + ++args; + engine = *args; +} + else badarg = 1; + } +else if(!strcmp(*args, -rkeyform) ) + { +if( args[1] ) + { + ++args; + rkeyform=str2fmt(*args); + } + else badarg = 1; + } else badarg = 1; args++; } @@ -520,6 +541,8 @@ BIO_printf (bio_err, -out file output filename\n); BIO_printf (bio_err, -issuer file issuer certificate\n); BIO_printf (bio_err, -cert file certificate to check\n); + BIO_printf (bio_err, -engine e use engine e, possibly a +hardware device.\n); + BIO_printf (bio_err, -rkeyform arg private key file format (PEM +or ENGINE).\n); BIO_printf (bio_err, -serial n serial number to check\n); BIO_printf (bio_err, -signer file certificate to sign OCSP request with\n); BIO_printf (bio_err, -signkey file private key to sign OCSP request with\n); @@ -563,6 +586,8 @@ BIO_printf (bio_err, -nrequest nnumber of requests to accept (default unlimited)\n); goto end; } + +e = setup_engine(bio_err, engine, 0); if(outfile) out = BIO_new_file(outfile, w); else out = BIO_new_fp(stdout, BIO_NOCLOSE); @@ -617,7 +642,7 @@ NULL, e, responder other certificates); if (!rother) goto end; } - rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, + rkey = load_key(bio_err, rkeyfile, rkeyform, 0, NULL, e, responder private key); if (!rkey) goto end; @@ -870,6 +895,7 @@ ret = 0; end: + if(e) ENGINE_free(e); ERR_print_errors(bio_err); X509_free(signer); X509_STORE_free(store); @@ -1225,4 +1251,3 @@ BIO_flush(cbio); return 1; } - regards, -- Wojtek lusarczyk __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: IMPORTANT: please test snapshot openssl-0.9.7-stable-SNAP-20030214.tar.gz
On Fri, Feb 14, 2003 at 06:08:34PM +0100, Bodo Moeller wrote: Please test snapshot openssl-0.9.7-stable-SNAP-20030214.tar.gz (or later), which will be available today around 8 p.m. GMT at URL: ftp://ftp.openssl.org/snapshot;type=d . openssl-0.9.7-stable-SNAP-20030216 on current Cygwin 1.3.20. Building and installing shared and static libs using the utils/cygwin.sh script (but with idea, rc5 and mdc2) works fine. All tests pass. Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #509] about Suse
Hello (a beginner using linux+ssl) I tried to install the latest version of openssl (openssl-0.9.7.tar.gz) under Suse Linux 7.2 but it makes no results. The make and make install command doesn´t work. Then I tried with the version 9.6h.tar.gz and the make and make install runs. The only problem I had is that i received an error messages like this: make[2]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto/rand' making all in crypto/err... make[2]: Entering directory `/var/tmp/openssl-0.9.6h/crypto/err' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto/err' making all in crypto/objects... make[2]: Entering directory `/var/tmp/openssl-0.9.6h/crypto/objects' /usr/local/bin/perl objects.pl objects.txt obj_mac.num obj_mac.h make[2]: /usr/local/bin/perl: Command not found make[2]: *** [obj_mac.h] Error 127 make[2]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto/objects' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto' make: *** [sub_all] Error 1 What I understand is that openssl is looking for archive perl, under the the directory /usr/local/bin/ ..but in my computer the archive perl is located at /usr/bin/. My question is ..What I can do ..so that ..when I run the make install ..it looks for the perl archive in /usr//bin/ and not in /usr/local/bin If you have other solution please let me know... Thanks a lot __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]